CHALLENGE OVER
The Challenge
Two plain SHA1 password hashes have been generated using separate techniques from a single "Random-Grid" One-Time Grid (see the One-Time Grid write-up). This password cracking challenge will last one week, starting Aug 27th, 2018 at 1200PM EST and ending September 3rd, 2018 at 1200PM EST.
HASH #1
[CRACKED by @BoursierEtienne] fe0c9f335b35c45e92d5e7d07c5933b6c4c0a522
HASH #2
[CRACKED by @lakiw] 120c249bc0f301ef3cba7a0fcbff463aaaded486
Prizes
Claim your prizes by posting on Twitter to @netmux with the cracked password. All valid submissions must be received before Sept 3rd at 1200PM EST.
- Cracking HASH #1 gets your name in the next Hash Crack: Password Cracking Manual
- The first person to crack HASH #2 gets a free Pentester's Portable Cracking Rig with a GTX 1070 (~$1,100 value) ***
***Limit=1. Sorry, only United States contestants are eligible to receive the password cracking rig. A $500 Amazon gift card will be awarded to an international winner who cracks HASH #2.
**To receive their final prizes, contestants must submit a write-up of their strategy for cracking the password hash. These write-ups will be posted at the end of the challenge, accompanying the correct solutions.
Clues
Clues will be given periodically throughout the contest. Please follow @netmux on Twitter for announcements of new clues.
- "Pattern" & "Scatter"
- One-Time Grid attached below
- Birthday Paradox
- Are all cell values equally probable?
- str(PIN)[:-1]
- scatter_cells + str(PIN)[:-1]
- Use seven of the possible ten "repeats" to mask your way to the other half of the scatter_cells solution.
- Hash #2 = print(len(scatter_cells + str(PIN)[:-1])) = 19
- No cell values have been reused in the composition of scatter_cells.
- “q$*????????)wc” + str(PIN)[:-1]
CHALLENGE WRITE-UP
- Wanted to give back
- Rush to get it out, switched from MD5 to SHA1 at last minute
- Hard to know what's obvious when you know the answer
- Tried to slow down people with larger rigs and make it about clever analysis and tricks
- Explain each "Clue"
- 36 unique total characters out of 49 = IA9GVwc8oyL$)M.!q03WKH+epP?*{TxJzhbu
- 10 characters repeating = IG8oL$.+p3
- 7 repeat characters used = $I.3+LG
- HASH #2 = q$*I.3+xLHG)wc71997
08+{superjetyoMKHp
q$*I.3+xLHG)wc71997
The Clues Explained
- "Pattern" & "Scatter"
- One-Time Grid attached below
- Birthday Paradox
- Are all cell values equally probable?
- str(PIN)[:-1]
- scatter_cells + str(PIN)[:-1]
- Use seven of the possible ten "repeats" to mask your way to the other half of the scatter_cells solution.
- Hash #2 = print(len(scatter_cells + str(PIN)[:-1])) = 19
- No cell values have been reused in the composition of scatter_cells.
- “q$*????????)wc” + str(PIN)[:-1]
"There is nothing more deceptive than an obvious fact."
HASH #1 = 08+{superjetyoMKHp
HASH #2 = q$*I.3+xLHG)wc71997
Cells with repeat values = q$*I.3+xLHG)wc71997
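The clues as arithmetic, in an added example that is not part of the original challenge write-up: it counts how many candidates remain for HASH #2 as each published clue is applied, which shows how quickly leaked structure erodes a 19-character password. It assumes the "seven repeats" clue means exactly seven distinct repeat characters appear in scatter_cells (one of them the known `$`), that "no reuse" means no character appears twice, and that the five PIN digits are unconstrained.

```python
from math import comb, log2, perm

# Values published on this page.
UNIQUE = "IA9GVwc8oyL$)M.!q03WKH+epP?*{TxJzhbu"   # 36 unique grid characters
REPEATS = "IG8oL$.+p3"                            # the 10 repeating characters
PREFIX, SUFFIX, UNKNOWN = "q$*", ")wc", 8         # mask q$*????????)wc
PIN_DIGITS = 5                                    # assumption: 19 - 14 mask characters
SOLUTION = "q$*I.3+xLHG)wc71997"

def satisfies_clues(candidate):
    """Check a candidate against the clues, as interpreted in the lead-in."""
    if len(candidate) != len(PREFIX) + UNKNOWN + len(SUFFIX) + PIN_DIGITS:
        return False
    cells, pin = candidate[:-PIN_DIGITS], candidate[-PIN_DIGITS:]
    return (cells.startswith(PREFIX) and cells.endswith(SUFFIX)
            and pin.isascii() and pin.isdigit()
            and all(ch in UNIQUE for ch in cells)
            and len(set(cells)) == len(cells)              # no value reused
            and sum(ch in REPEATS for ch in cells) == 7)   # seven repeats

def keyspaces():
    """Candidate counts as each clue is applied, in order."""
    pins = 10 ** PIN_DIGITS
    known = set(PREFIX + SUFFIX)
    free = len(set(UNIQUE) - known)                   # 30 characters left
    rep_free = len(set(REPEATS) - known)              # 9 repeats left
    rep_needed = 7 - len(set(REPEATS) & known)        # 6 still to place
    other_free = free - rep_free                      # 21 non-repeats left
    other_needed = UNKNOWN - rep_needed               # 2 non-repeat positions
    return {
        "printable ASCII, length 19": 95 ** 19,
        "grid characters + PIN digits": len(UNIQUE) ** 14 * pins,
        "mask q$*????????)wc": len(UNIQUE) ** UNKNOWN * pins,
        "no value reused": perm(free, UNKNOWN) * pins,
        "seven of ten repeats": comb(UNKNOWN, rep_needed)
            * perm(rep_free, rep_needed) * perm(other_free, other_needed) * pins,
    }

if __name__ == "__main__":
    for clue, n in keyspaces().items():
        print(f"{clue:32s} {n:.3e}  ({log2(n):5.1f} bits)")
    print("published solution fits the model:", satisfies_clues(SOLUTION))
```

With every clue applied the count falls from 95^19 to about 7.1 × 10^13 candidates, roughly 46 bits.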
One-Time Grid: Random Password Book
Hash Crack: Password Cracking Manual
Pentester Portable Cracking Rig